filter syntax error
Carter Bullard
carter at qosient.com
Tue May 7 15:20:58 EDT 2013
Hey Harry,
You have to indicate that the eth0 is a string. On my system, with bash I have to use this:
ra - srcid \"eth0\"
Carter
On May 7, 2013, at 2:17 PM, Harry Hoffman <hhoffman at ip-solutions.net> wrote:
> Hi All,
>
> Running the latest (i think) argus-clients 3.0.7.7.
>
> I've got a setup where I have multiple src ids configured. I'm trying to
> just pull records for one src id but am getting a syntax error.
>
> [root at usher ~]# ra -nnr /var/log/argus/argus.out - srcid eth0
> ra[31322]: 14:14:38.492897 srcid eth0 unknown
> ra[31321]: 14:14:38.890573 srcid eth0 filter syntax error
>
>
> I believe that the srcids are correct as ra can print them out.
>
> [root at usher ~]# ra -nnr /var/log/argus/argus.out -s
> saddr,sport,daddr,dport,srcid -N 3
> SrcAddr Sport DstAddr Dport SrcId
> 172.16.255.170.123 24.124.0.251.123 eth1
> 72.94.xx.xxx.123 24.124.0.251.123 eth0
> 172.16.255.254 172.16.255.176 eth1
>
>
> Is this a bug or am I doing something wrong?
>
> Cheers,
> Harry
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130507/52fdcb39/attachment.bin>
More information about the argus
mailing list